Turnstile management and transit registration

fxbrit / ticketing-system

ticketing system built using the Spring framework

0 stars 0 forks source link

Turnstile management and transit registration #23

Closed riccardomengoli closed 2 years ago

riccardomengoli commented 2 years ago

This PR will implement issue #10

fxbrit commented 2 years ago

I think you branched from #20 or #22 which might lead to conflicts :-(

riccardomengoli commented 2 years ago

Turnstiles are normal users, I tried having separate tables for users and turnstiles but it was a mess with Spring Security and I don't even know if in the end it was possible.

However, registration can only be done by an admin and it does not require verification or any further check.

fxbrit commented 2 years ago

Turnstiles are normal users

I think we should reconsider this, from a logic standpoint it is already a questionable choice to not have a separate service, leave alone a separate entity. what are the complications of having separate entities?

riccardomengoli commented 2 years ago

The problem is with Spring Security, like authProvider.setUserDetailsService(customUserDetailsService) cannot be duplicated and so the username received by

override fun loadUserByUsername(username: String): UserDetails {
        val user = userRepository.findByUsername(username) ?: throw UsernameNotFoundException(username)
        return UserPrincipal(user)
    }

has to check both the UserRepo and TurnstileRepo.

Now that I'm writing this i believe that it might probably doable but I didn't have the time to try it. But then again, what if a user and a turnstile have the same username?

fxbrit commented 2 years ago

if turnstile are users we have to block this PR and work on #16 first, because it doesn't make sense to write this code without knowing if we can implement security with servlet or if we need to rebase to a reactive stack.

fxbrit commented 2 years ago

I carried this massive and messy rebase, the PR should be at a starting point that makes sense with respect to the master branch.

fxbrit commented 2 years ago

The problem is with Spring Security, like authProvider.setUserDetailsService(customUserDetailsService) cannot be duplicated and so the username received by

But then again, what if a user and a turnstile have the same username?

wouldn't this be easily solved by moving turnstiles to their own service? this would mean turnstile have their own database and endpoints which are completely independent and covered by a different Spring security config, with a separate register/login mechanism.

riccardomengoli commented 2 years ago

Alright, reactive turnstile login works. I deleted all the references to turnstiles in LoginService and reverted to email: String instead of String? since the email is now always present. Tests probably will fail again due to this change.